Notarize Mac binaries #1675

Closed
feross opened this issue Sep 6, 2019 · 1 comment · Fixed by #1835

feross commented Sep 6, 2019

macOS 10.15 Catalina will require apps to be "notarized".

Notarization is all about identifying and blocking malicious Mac software prior to distribution, without requiring App Review or the Mac App Store.

Changes will likely be required to the WebTorrent packaging process to conduct the notarization step with Apple, which they claim takes around 15 minutes.

More about what notarization is:

So let's run through a little bit about what the workflow looks like when you need to start notarizing your software for the first time. Here's a diagram that talks a little bit about what the development workflow can look like and local development remains completely unchanged. You build and sign at your desk using your Apple Developer Certificates until you have a release candidate. At that point you sign the software with your Developer ID Certificate, and you can send a copy of it to the Apple Notary Service for notarization. When notarization is complete and successful, the Notary Service can send back a ticket which you staple to your software prior to distribution and once it's stapled, the software is ready for distribution just like you did before. Now it's worth calling out that this workflow didn't change at all from last year, so this is just a bit of a refresher. Now what we didn't talk about last year was what happens when someone downloads your software and uses it for the first time.

So when a user downloads your stapled software and double-clicks it to launch it, Gatekeeper will perform a verification. It'll check the local ticket and it will also reach out to the Notary Service via CloudKit to check for a ticket also.

As long as the ticket checks out and the ticket matches the content of your app, Gatekeeper will allow the application and the user will see the normal first launch prompt.
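
The sign, notarize, staple and verify sequence from the quoted workflow above, as an added shell example that is not part of the original issue or of WebTorrent's packaging code. It uses Apple's `codesign`, `ditto`, `notarytool`, `stapler` and `spctl` commands and goes beyond the issue text by including the local verification steps. The app path, signing identity and keychain profile name are placeholders (assumptions).

```shell
#!/bin/sh
# Added example: Developer ID release flow for a macOS .app bundle.
# Placeholders (assumptions, not from the issue): APP, IDENTITY, PROFILE.
APP="${APP:-dist/Example.app}"
IDENTITY="${IDENTITY:-Developer ID Application: Example Corp (TEAMID0000)}"
PROFILE="${PROFILE:-notary-profile}"   # credentials saved in the keychain for notarytool
DRY_RUN="${DRY_RUN:-1}"                # 1 = print each command, 0 = execute on macOS

# Print the command in dry-run mode (quoting is flattened for display), else run it.
run() {
  if [ "$DRY_RUN" = "1" ]; then
    printf '%s\n' "$*"
  else
    "$@"
  fi
}

release_steps() {
  zip="${APP%.app}.zip"
  # 1. Sign with the Developer ID certificate. Notarization requires the
  #    hardened runtime and a secure timestamp.
  run codesign --force --options runtime --timestamp --sign "$IDENTITY" "$APP" || return 1
  # 2. Check the signature locally before uploading anything.
  run codesign --verify --strict --verbose=2 "$APP" || return 1
  # 3. The notary service takes an archive, not a bare bundle.
  run ditto -c -k --keepParent "$APP" "$zip" || return 1
  # 4. Submit and block until the notary service returns a result.
  run xcrun notarytool submit "$zip" --keychain-profile "$PROFILE" --wait || return 1
  # 5. Attach the ticket to the bundle. This fails if no ticket was issued.
  run xcrun stapler staple "$APP" || return 1
  # 6. Confirm the stapled ticket, then ask Gatekeeper for its verdict.
  run xcrun stapler validate "$APP" || return 1
  run spctl --assess --type execute --verbose=2 "$APP" || return 1
}

# Run only when asked to, e.g.: DRY_RUN=0 sh notarize.sh release
if [ "${1:-}" = "release" ]; then
  release_steps
fi
```

Stapling lets Gatekeeper check the ticket from the local copy; distribute the bundle that was stapled, not the zip that was uploaded for notarization.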


feross commented Jul 16, 2020


Looks like it worked: says "Apple checked it for malicious software and none was detected"
